Present and Future
As Beckstrom described in this presentation, the wars over the years require time for forces to align. During the Nuclear era, once the major powers acquired these arms, everyone realized it was in the best interest of each country not to use them, i.e. mutually assured destruction. This is ongoing right now with Cyberwar. He said that China or Russia could hobble the infrastructure of the United States tomorrow, but they realize that if they did that, the US would do the same to them, therefore no one conducts this sort of cyber-attack.
Law firms are not a sovereign territory so all aforementioned groups are threats and in turn are seeking them out. These groups have tools which are sold on the Dark Web as out of the box solutions and can wreak havoc for firms in very little time. In the graphic below Beckstrom outlines an ecosystem where various parties work together but in isolation to earn money or take down a company. The scripts are created by people and sold to criminals. While another sets of criminals have harvested millions of credentials. In conjunction the Criminal Operator uses both to target a law firm or corporation. Those proceeds or goods are then routed through Mules. These are everyday people who simply accept packages and send them along to someone else which keeps the money flowing. In most of the law firm attacks, mules are not used, instead data is either released or held at random by the Criminal Operator.